
FTD 6.1 Application Detector - Not detecting certain connections

Ralph Rye
Level 1

Has anyone run into issues with FTD where, in what appear to be random cases, the application detection engine doesn't classify a flow with AVC application protocol / client information?

I have seen it on SYSLOG, NTP, NetBIOS-ssn (SMB [TCP 445]), and other applications.  It is not consistent, meaning NTP will be classified correctly for quite a while and then randomly a session will not be.  When it is not, there is no Application protocol / client / web application listed in the log entry for that connection.

This is a major issue as I am attempting to use AVC rules, and when the application detection doesn't work correctly the traffic hits the default action policy which is set to deny / block.

TAC suggested changing all the allow rules to log at the end of the connection. They suggested that would provide more accurate logging when the initial packets of an application are not classified at that point. That didn't have an impact, and I am currently running with a policy that includes temporary port / service rules.

Ralph

2 Replies

gaboughanem
Level 1

Hello,

I am facing the same exact issue with the application detector, and I am running version 6.2.3.13.

Have you solved the problem or found a solution?


Regards,

George 

gaboughanem
Level 1

Hello,

I am facing the same exact issue with the application detector, and I am running version 6.2.3.13.

Have you solved the problem or found a solution?

Can anyone please assist?


Regards,

George 
